Fortinet Managed Rules for AWS WAF - API Gateway

I have been using Fortinet Managed Rules for AWS WAF  for one year or more. The main use case for Fortinet Managed Rules for AWS WAF  is that it protects from any malicious attack for URLs, including injection or SQL injection, limits requests for denial of service, or addresses middleware attacks.

Fortinet Managed Rules for AWS WAF  is useful and easy to use and manage, as it can handle use cases for denial of service and limited access, and serve as an application firewall for controlling who can access the application from outside the organization.

The best features Fortinet Managed Rules for AWS WAF  offers include the ease of FortiManager, which allows me to manage multiple WAFs from a single dashboard. Having everything on one dashboard helps speed up my team's workflow and efficiency because with one dashboard, I am not moving to another, and it uses multiple links, making it protected and easy for operation and management.

Fortinet Managed Rules for AWS WAF positively impacts my organization by providing protection. Since using Fortinet Managed Rules for AWS WAF, I have seen a positive impact, including improved security and easier management. I have noticed fewer attacks due to limiting the requests, or if someone tries a man-in-the-middle attack to steal the communication between the application and the end-user, as the service has protected many things from man-in-the-middle attacks, denial of service, and SQL server attacks.

Fortinet Managed Rules for AWS WAF can be improved by enhancing the dashboard and fine-tuning it depending on what service will be protected.

I have been working in my current field for more than three years.

Fortinet Managed Rules for AWS WAF is stable.

The scalability of Fortinet Managed Rules for AWS WAF is useful, as it increases the scalability and protection from external services.

The customer support for Fortinet Managed Rules for AWS WAF is very nice, as it is easy to access and has a fast response.

I have seen a return on investment, particularly in time saved, and it protects my external services from attackers.

My experience with pricing, setup cost, and licensing has shown that the setup cost is very useful and the cost is very cheap for using this service as a SaaS solution, which hopefully supports my organization.

I evaluated other options before choosing Fortinet Managed Rules for AWS WAF.

I advise others looking into using Fortinet Managed Rules for AWS WAF that it is easy for deployment, easy for management, and easy for configuration. I would rate this product an eight out of ten.

My main use of Fortinet Managed Rules for AWS WAF  is to protect web applications from common threats like SQL injection, XSS, and bot traffic. I use it to automatically detect and block malicious requests and improve overall application security. In addition to basic protection, I also focus on monitoring logs, tuning rules to reduce false positives, and improving overall application security performance.

The best features of Fortinet Managed Rules for AWS WAF  are automatic protection against OWASP threats, real-time threat updates, easy integration with AWS WAF , and reduced manual effort through preconfigured rulesets.

Automatic protection with Fortinet Managed Rules for AWS WAF  helps block threats instantly without manual effort, and real-time updates ensure the application stays protected against new and evolving attacks.

Additionally, Fortinet Managed Rules for AWS WAF  offers easy rule customization, better visibility through logs, and helps reduce false positives while maintaining strong security.

Fortinet Managed Rules for AWS WAF has positively impacted my organization by improving application security by blocking threats automatically, reducing manual effort, and ensuring consistent protection with real-time updates.

It helped to reduce security incidents, save time by automating threat protection, and improved overall efficiency in managing web application security. It helped save time by reducing manual monitoring, lowered security risk, and improved efficiency by automating threat protection with minimal resources.

Fortinet Managed Rules for AWS WAF can be improved by offering more customization options, better visibility into rule behavior, and easier tuning to reduce false positives.

Adding simpler rule tuning, clearer insight into blocked traffic, and better integration with monitoring tools would further improve usability.

Currently, I have been learning and working with AWS  and WAF and Fortinet Managed Rules for the past few months through hands-on practice and self-learning.

Fortinet Managed Rules for AWS WAF have been stable overall with consistent performance and minimal disruption. Updates are regular, and it handles traffic without a noticeable impact on application performance.

Fortinet Managed Rules for AWS WAF is highly scalable. It works with AWS  infrastructure and can handle increased traffic automatically without requiring major manual changes.

Customer support for Fortinet Managed Rules for AWS WAF is generally good with timely responses and helpful guidance, especially for setups and troubleshooting issues.

Earlier I relied on basic WAF rules, but I switched to Fortinet Managed Rules for better automation, stronger threat protection, and reduced manual effort.

Fortinet Managed Rules are typically purchased through the AWS Marketplace .

The pricing for Fortinet Managed Rules for AWS WAF is generally pay-as-you-go through AWS Marketplace  with no major setup costs. Licensing is flexible, but cost can increase based on usage and traffic.

I also evaluated options like AWS native managed rules and other third-party WAF rulesets, but I chose Fortinet for better threat intelligence, automation, and ease of management.

I chose a rating of eight out of ten for Fortinet Managed Rules for AWS WAF because it provides strong automated security and ease of use, but there is still room for improvement in customization and detailed visibility.

My main use case for Fortinet Managed Rules for AWS WAF  is having the OWASP rule set in place so it can work with the latest kinds of attacks, mitigations, and all.

One of the best features of Fortinet Managed Rules for AWS WAF  is the depth and quality of the threat protection that it provides. The rule sets are regularly updated with FortiGuard Threat Intelligence, which helps in protecting against evolving threats such as SQL injection, XSS, bot attacks, and zero-day vulnerabilities, without requiring any constant manual tuning. Another key advantage is the ease of deployment with the integration with AWS WAF .

Fortinet Managed Rules for AWS WAF  offers strong, enterprise-grade protection with minimal effort. One of the biggest advantages is the integration of the FortiGuard Threat Intelligence, which ensures that rules are continuously updated to defend against the latest threats such as SQL injection, XSS, and emerging vulnerabilities. The rules are also well-optimized to reduce false positives, which is critical in production environments, while providing flexibility to fine-tune behavior using exclusion overrides, allowing security teams to balance protection and application availability.

I would like to highlight how the threat intelligence updates have impacted my team. Since the rules are continuously updated, we do not have to manually track every new vulnerability or threat pattern, significantly reducing our operational effort and ensuring that we are always protected against the latest attack vectors without delays. The ease of deployment made a big difference; we were able to quickly onboard the application into AWS WAF , which helped us improve our security posture in a very short time. The consistency of protection across the application helped standardize our security approach; instead of creating custom rules for every application, we relied on these managed rules for a strong baseline and fine-tuned only where necessary.

Fortinet Managed Rules for AWS WAF  has had a very positive impact on my organization, especially in terms of improving my overall security posture and reducing the operational effort. One of the biggest benefits has been proactive threat protection, allowing us to protect our applications against common and emerging threats without having to manually track every vulnerability, giving us confidence that our applications are consistently secured. From an operational perspective, it significantly reduces the time and effort required for rule management. Instead of building and maintaining complex custom rules, we leverage the managed rule set for a strong baseline and focus only on fine-tuning wherever necessary. This helps my team save time and improve efficiency, while also minimizing the risk related to false positives and downtime. The rules are well optimized, and with proper tuning, we maintain a good balance between security and application availability, which is critical for business continuity. Additionally, the visibility through AWS WAF logs allows us to better understand attack patterns and improve our response strategy over time. Overall, it enables us to achieve stronger, more consistent security while simplifying the operational side and allowing the team to focus on higher-value tasks.

Fortinet Managed Rules for AWS WAF has had a very measurable positive impact on my organization, both in terms of security improvement and operational efficiency. From a security standpoint, we observe a noticeable reduction in web-based attack incidents reaching the application layer. Common threats such as SQL injection, XSS, and bot-driven attacks are effectively blocked at the WAF level itself, which reduces the burden on the back-end systems and incident response teams. Operationally, it helps us save a significant amount of time; earlier, a lot of effort was spent on creating and tuning the custom rules. With Fortinet Managed Rules for AWS WAF, we use them as a baseline and focus on fine-tuning, which reduces our rule management effort by around 40 to 50 percent, especially during the onboarding of any new application. We also see faster deployment timelines; new applications can be protected within hours instead of days, improving our overall security onboarding process. In terms of cost and efficiency, fewer incidents and reduced manual effort indirectly lead to cost savings, particularly by minimizing the downtime risk and reducing the need for continuous rule maintenance. The improved visibility from AWS WAF logs helps us identify attack trends and proactively adjust our security posture. Overall, Fortinet Managed Rules for AWS WAF help us strengthen security, reduce operational overhead, and improve deployment speed, making our WAF management more efficient and scalable.

Fortinet Managed Rules for AWS WAF is strong overall, but there are a few areas where improvements could make it even more effective. One area is around the visibility and transparency of rules; while the protection is good, having more detailed insights into how specific rules are triggered and a clearer description of rule logic would help teams with faster troubleshooting and fine-tuning. Another improvement could be handling false positives. Although the rules are generally well-optimized, in some cases, additional granularity in exclusion or more context-aware tuning options would help reduce manual effort during production deployments. Better integration and centralized visibility across multiple applications and environments would also be beneficial, especially for organizations managing large-scale or multi-account AWS  setups. Additionally, more customizable reporting and built-in analytics within the AWS WAF ecosystem, especially tailored for Fortinet Managed Rules for AWS WAF, would help teams quickly understand trends and make informed decisions without relying heavily on external tools. Overall, the solution is very effective, but enhancing visibility, flexibility, and reporting capabilities would further improve the user experience and operational efficiency.

One additional improvement would be more granular control and customization options within the managed rule set. While the default rule sets provide strong baseline protection, having more context-aware tuning capabilities, such as better handling based on the application behavior or user patterns, would further reduce the effort required during fine-tuning. Enhanced built-in dashboards, especially for Fortinet Managed Rules for AWS WAF, would make it easier to quickly understand rule effectiveness, false positive trends, and attack patterns without relying heavily on external tools. Another area is improved documentation and rule-level visibility, which would help teams troubleshoot faster and make more informed decisions when applying exclusions or overrides. Overall, these enhancements would further improve usability, reduce operational overhead, and make the solution even more efficient at scale.

I have been using Fortinet Managed Rules for AWS WAF for two years.

Fortinet Managed Rules for AWS WAF has been stable in my experience. I have not encountered any major issues impacting availability or performance. The rule updates from FortiGuard are applied smoothly and have not caused any disruption to my application when implemented with proper monitoring and testing. In production environments, the rules are consistently performing very well, effectively blocking malicious traffic without introducing significant latency or instability. Any minor tuning required was mainly related to false positives, which is expected with WAF solutions. Overall, the solution has been reliable and stable, making it suitable for securing critical applications.

From a management perspective, scaling across multiple applications and environments is straightforward. I apply consistent security policies across different workloads without significant additional effort.

My experience with customer support has been generally positive; the documentation and Fortinet resources are helpful, and the support response is good when needed. For more complex issues or tuning scenarios, support provides useful guidance, although response times can vary depending on the priority and complexity of the cases. Overall, the solution is both scalable and reliable, with good support that helps maintain and optimize deployments.

I was previously using a combination of custom AWS WAF rules and basic managed rule sets. While that setup provided a basic level of protection, it required significant manual effort for rule creation, tuning, and ongoing maintenance. I also faced challenges in keeping up with evolving threats and ensuring consistent protection across multiple applications. I decided to switch to Fortinet Managed Rules for AWS WAF mainly because of the advanced threat intelligence from FortiGuard, which provides continuously updated protection against new and emerging threats, reducing my dependency on manual rule updates. Operational efficiency was another key reason; with Fortinet Managed Rules for AWS WAF, I was able to standardize my WAF protection across environments and significantly reduce the time spent on rule management and tuning. Overall, the switch helped me improve security coverage, reduce operational overhead, and achieve more consistent and scalable protection.

I have seen a clear return on investment after implementing Fortinet Managed Rules for AWS WAF. One of the biggest gains is in time savings and operational efficiency. The effort required for creating and maintaining custom WAF rules reduced by around 45 to 55 percent, allowing my team to focus more on monitoring and optimization rather than rule management. I also observe a reduction in security incidents reaching back-end systems as common threats such as SQL injection, XSS, or automated bot traffic are effectively blocked at the WAF layer. This helps reduce incident handling effort and improves overall system stability. In terms of deployment, I am able to onboard and secure new applications much faster, in many cases within hours instead of days, improving my overall delivery timelines. From a cost perspective, while there is an additional licensing cost, it is offset by reduced manual effort, faster deployment, and lower risk of downtime or security breaches. Overall, it provides strong value by improving both security and efficiency without increasing team size.

My experience with pricing, setup cost, and licensing has been quite reasonable and aligned with the value provided. Since Fortinet Managed Rules for AWS WAF is available through the AWS Marketplace , the onboarding and licensing process was straightforward with no significant upfront setup cost. The pay-as-you-go model is flexible, allowing me to scale based on usage and application requirements. From a cost perspective, while there is an additional charge on top of the AWS WAF pricing, it is justified by the reduction of operational effort and the improved security coverage, helping me avoid spending excessive time and resources on building and maintaining custom rules. Overall, the pricing is fair considering the level of protection, ease of deployment, and ongoing threat intelligence updates, delivering good value, especially for organizations looking for managed security with minimal overhead.

Before choosing Fortinet Managed Rules for AWS WAF, I evaluated a few other options. I considered AWS  native managed rule groups, which are easy to deploy but somewhat limited in terms of advanced threat intelligence and coverage. I also looked at third-party managed rule providers available in the AWS Marketplace , as well as alternative WAF solutions such as Cloudflare WAF  and Akamai , especially for broader edge protection use cases. However, I chose Fortinet Managed Rules for AWS WAF because of the strong FortiGuard threat intelligence, frequent updates, and better balance between security coverage and operational simplicity. It also integrates seamlessly with my existing AWS WAF setup without requiring major architectural changes. Overall, Fortinet Managed Rules for AWS WAF stood out in terms of ease of deployment, consistent protection, and reduced effort for rule management compared to other options I evaluated.

I would recommend starting by using Fortinet Managed Rules for AWS WAF as a baseline protection layer rather than relying entirely on custom rule sets from the beginning. It helps quickly secure the application with minimal effort. I would also recommend enabling the rules initially in monitoring log mode, reviewing the traffic, and gradually moving to block mode. This approach helps in identifying and tuning false positives without impacting legitimate users. Another important point is to leverage AWS WAF logging and CloudWatch insights to understand traffic patterns and continuously fine-tune the rules based on application behavior. For organizations managing multiple applications, it is beneficial to standardize rule sets and apply them consistently across environments while allowing flexibility for specific exceptions. Overall, Fortinet Managed Rules for AWS WAF is very effective, but combining it with proper monitoring, tuning, and regular review will give the best results in terms of both security and performance.

Overall, Fortinet Managed Rules for AWS WAF has been a reliable and effective solution for securing my application. It provides strong baseline protection with minimal effort and integrates well within the AWS WAF ecosystem. With proper tuning and monitoring, it offers a good balance between security and performance. While there are areas for improvement in visibility and advanced customization, the solution delivers solid value and scalability for organizations managing modern cloud workloads. I would rate this solution an eight out of ten.

I am protecting our application from Layer 7 attacks, and we mainly use Fortinet Managed Rules for AWS WAF .

Let's suppose I want to protect my application from OWASP Top 10 vulnerabilities. For that, I also want to protect from SQL injection, cross-site scripting, common injection, and file inclusion attacks. For this type of attack, we use ports and scanners to identify the kind of attack, including DDoS attacks. I am using this web application firewall to protect my application.

The main use case is creating a policy and protecting applications. Fortinet Managed Rules for AWS WAF  protects web applications from application-layer attacks such as SQL injection, cross-site scripting, and OWASP Top 10 vulnerabilities. It sits in front of the web server and inspects HTTP and HTTPS traffic to detect and block malicious requests. I work for an ISP, so we have some critical applications that need protection. To protect those applications, we have created different policies. I will not reveal my client's name or the type of product, but I can give an example of the architecture: client, then WAF , then the web server, then the application. From the WAF , we have created a policy to protect our web server from Layer 7 attacks.

Let's suppose I am using a REST API and I want to protect that API. We have created a policy for that, including JSON and XML request inspection, API abuse detection, and rate limiting. For this type of protection, we are using API security. We also use bot protection for credential stuffing, scraping bots, fake account creation bots, and automated login attacks. For this, we have created a policy and profiles within a security policy.

OWASP Top 10 protection is the best feature. Bot protection includes credential stuffing, scraping bots, and API security. Machine learning protection, data loss prevention, SSL/TLS inspection, and integration with cloud platforms like AWS , Azure , and Google Cloud  are key features of Fortinet Managed Rules for AWS WAF.

After using these features, we are seeing fewer attacks in our organization. Fewer attacks mean we have more visibility. Fortinet Managed Rules for AWS WAF protects web applications from common cyber threats, allowing us to see the type of attack occurring, such as cross-site scripting and OWASP Top 10 vulnerabilities. This helps prevent data breaches, improve application availability, ensure regulatory compliance, and protect the organization's reputation in front of leadership, users, and clients.

Improved security means protection from Layer 7 attacks, including SQL injection, cross-site scripting, command injection, and bot attacks. Better business continuity is achieved since we are providing high availability, so the application stays available always and the service remains stable. We protect sensitive data like customer information, payment data, login credentials, and business data. We maintain compliance with security regulations including PCI DSS, GDPR, and ISO 20001. Overall, Fortinet Managed Rules for AWS WAF has positively impacted our organization by strengthening application security, preventing cyber attacks, and ensuring regulatory compliance.

Fortinet Managed Rules for AWS WAF is a strong solution for protecting web applications from OWASP Top 10 attacks and other application-layer threats. However, it could be improved by enhancing the user interface for easier policy management, providing deeper integration with multi-cloud platforms, improving reporting and analytics capabilities, and offering more advanced AI-driven threat detection to reduce false positives.

User interface and ease of management are areas where improvement is needed. Policy configuration can be complex, and navigation of the dashboard could be simpler. Better multi-integration with platforms like AWS , Azure , and Google Cloud  would be beneficial. Enhanced reporting and analytics capabilities should include security visibility, attack trend analysis, and compliance reporting. Advanced AI-based features such as behavior analysis, automated threat protection, and reduced false positives would enhance the solution.

There is scope for improvement in complex logging methods, as navigation of the dashboard could be simpler. Overall, Fortinet Managed Rules for AWS WAF is a reliable solution for web application protection, but improvements in usability, analytics, and cloud integration could make it even more effective for modern environments.

I have been using Fortinet Managed Rules for AWS WAF for the last four years.

Fortinet Managed Rules for AWS WAF is very stable.

Fortinet Managed Rules for AWS WAF can be easily scaled.

Customer support was very prompt. Whenever we needed assistance, we logged a case and there was an engineer to help us. I really appreciate the support provided by Fortinet.

I have used F5 before. Now we have switched to Fortinet Managed Rules for AWS WAF. F5 is a bit costly in comparison to Fortinet Managed Rules for AWS WAF.

Return on investment through using Fortinet Managed Rules for AWS WAF is definitely positive. Since we are protecting our application from Layer 7 attacks and deadly attacks, it provides a strong return on investment by preventing costly security incidents such as data breaches, application downtime, and fraud. By blocking web attacks like SQL injection and cross-site scripting before they reach the application, we are now stopping attacks at the WAF. The organization can avoid financial losses from regulatory penalties and operational disruption. This significantly reduces the overall cost of security incidents compared to the cost of deploying the WAF.

Compared to other vendors, the price is reasonable.

I would recommend that others go for Fortinet Managed Rules for AWS WAF as it is a very reliable solution.

I give this product a review rating of 8 out of 10.

Fortinet Managed Rules for AWS WAF  is used for security purposes. My major use case is API management these days.

What really stands out for me in Fortinet Managed Rules for AWS WAF  is that it is good and meets our requirements. We are getting everything we need from it. The interface is straightforward with a very good GUI. It is a stateful firewall with identity-based access control. Policy-based traffic management can be done, and there is also packet inspection and application-aware traffic filtering.

Fortinet Managed Rules for AWS WAF  has a very complex configuration. It has a dependency on its license for IPS signatures and web filtering, and it is resource-intensive with large requirements in very large network environments. Managing multiple firewalls, log storage, and analytics can be challenging. There are also upgrade issues and very limited third-party integrations.

The price is very high. The investment is an issue because a small company cannot afford it, but organizations with the capability are adopting it.

Regarding installation, there are some challenges, such as setting the internal network IP and configuring it. You can deploy it on a VM, but it can be difficult to manage during the initial period.

I have been using it for two and a half years.

I do not see any issues with the stability of the solution; it is reliable and performs well.

It is a scalable product.

I like the technical support from Fortinet.

Positive

I have never used anything similar to this product from other vendors.

Regarding installation, there are some challenges, such as setting the internal network IP and configuring it. You can deploy it on a VM, but it can be difficult to manage during the initial period.

The investment is an issue because a small company cannot afford it, but organizations with the capability are adopting it.

The price is very high.

I have never used anything similar to this product from other vendors. I have not heard of or used tools such as Coralogix , Axway, Traffic, Tyk , Apollo, Gluu  Platform, or Sensedia API management.

Analytics is helpful to me, including bandwidth usage per application or user consuming the bandwidth, traffic from the source IP or destination IP, and DNS information. Fortinet Managed Rules for AWS WAF  has custom security policies which we can customize based on source or destination IP, users or groups, applications, service ports, and schedules based on time. We can also customize our application controls to detect priority applications, block applications, limit applications, apply bandwidth on applications, and use custom IPS signatures to detect specific attack patterns, block unusual traffic behaviors, and protect internal applications. Custom web filtering categories can be created to allow or block specific websites, and we can control web access by users, determining which users can access which sites.

We get the benefits of continuous threat intelligence updates with very strong network security. We can integrate it with security platforms, and it offers high performance, centralized management, and advanced threat intelligence. We can access it securely with remote access, and it provides improved network visibility and cost efficiency.

The built-in analytics for real-time attack insights is good because we are using it. If I were to rate support from zero to ten points, I would give eight and a half points for their support. For Fortinet Managed Rules for AWS WAF, I would rate it the same, eight and a half points. I believe the overall solution would be closer to eight points. I would rate this product eight out of ten.